better fix for ITS#5154

servers/slapd/back-meta/bind.c

@@ -189,9 +189,6 @@ meta_back_bind( Operation *op, SlapReply *rs )
 
 		if ( lerr != LDAP_SUCCESS ) {
 			rc = rs->sr_err = lerr;
-			/* Mark the meta_conn struct as tainted so
-			 * it'll be freed by meta_conn_back_destroy below */
-			LDAP_BACK_CONN_TAINTED_SET( mc );
 
 			/* FIXME: in some cases (e.g. unavailable)
 			 * do not assume it's not candidate; rather
@@ -211,28 +208,19 @@ meta_back_bind( Operation *op, SlapReply *rs )
 		if ( !LDAP_BACK_PCONN_ISPRIV( mc )
 			&& !dn_match( &op->o_req_ndn, &mc->mc_local_ndn ) )
 		{
-			metaconn_t	*tmpmc;
 			int		lerr;
 
 			/* wait for all other ops to release the connection */
-retry_lock:;
 			ldap_pvt_thread_mutex_lock( &mi->mi_conninfo.lai_mutex );
-			if ( mc->mc_refcnt > 1 ) {
-				ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-				ldap_pvt_thread_yield();
-				goto retry_lock;
-			}
-
 			assert( mc->mc_refcnt == 1 );
 #if META_BACK_PRINT_CONNTREE > 0
 			meta_back_print_conntree( mi, ">>> meta_back_bind" );
 #endif /* META_BACK_PRINT_CONNTREE */
-			tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
-				meta_back_conndn_cmp );
-			assert( tmpmc == mc );
 
 			/* delete all cached connections with the current connection */
 			if ( LDAP_BACK_SINGLECONN( mi ) ) {
+				metaconn_t	*tmpmc;
+
 				while ( ( tmpmc = avl_delete( &mi->mi_conninfo.lai_tree, (caddr_t)mc, meta_back_conn_cmp ) ) != NULL )
 				{
 					Debug( LDAP_DEBUG_TRACE,
@@ -255,23 +243,22 @@ retry_lock:;
 			}
 
 			ber_bvreplace( &mc->mc_local_ndn, &op->o_req_ndn );
-			if ( isroot ) {
-				LDAP_BACK_CONN_ISPRIV_SET( mc );
-				LDAP_BACK_PCONN_SET( mc, op );
-			}
 			lerr = avl_insert( &mi->mi_conninfo.lai_tree, (caddr_t)mc,
 				meta_back_conndn_cmp, meta_back_conndn_dup );
 #if META_BACK_PRINT_CONNTREE > 0
 			meta_back_print_conntree( mi, "<<< meta_back_bind" );
 #endif /* META_BACK_PRINT_CONNTREE */
-			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
-			if ( lerr == -1 ) {
-				/* we can do this because mc_refcnt == 1 */
-				assert( mc->mc_refcnt == 1 );
-				mc->mc_refcnt = 0;
-				meta_back_conn_free( mc );
-				mc = NULL;
+			if ( lerr == 0 ) {
+				if ( isroot ) {
+					LDAP_BACK_CONN_ISPRIV_SET( mc );
+					LDAP_BACK_PCONN_SET( mc, op );
+				}
+				LDAP_BACK_CONN_CACHED_SET( mc );
+
+			} else {
+				LDAP_BACK_CONN_CACHED_CLEAR( mc );
 			}
+			ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
 		}
 	}
 

servers/slapd/back-meta/conn.c

@@ -1584,6 +1584,7 @@ done:;
 		meta_back_print_conntree( mi, ">>> meta_back_getconn" );
 #endif /* META_BACK_PRINT_CONNTREE */
 
+		err = 0;
 		if ( LDAP_BACK_PCONN_ISPRIV( mc ) ) {
 			if ( mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_num < mi->mi_conn_priv_max ) {
 				LDAP_TAILQ_INSERT_TAIL( &mi->mi_conn_priv[ LDAP_BACK_CONN2PRIV( mc ) ].mic_priv, mc, mc_q );
@@ -1595,7 +1596,7 @@ done:;
 			}
 			rs->sr_err = 0;
 
-		} else {
+		} else if ( !( sendok & LDAP_BACK_BINDING ) ) {
 			err = avl_insert( &mi->mi_conninfo.lai_tree, ( caddr_t )mc,
 			       	meta_back_conndn_cmp, meta_back_conndn_dup );
 			LDAP_BACK_CONN_CACHED_SET( mc );
@@ -1681,7 +1682,7 @@ meta_back_release_conn_lock(
 	 * that are not privileged would live forever and pollute
 	 * the connection space (and eat up resources).  Maybe this
 	 * should be configurable... */
-	if ( LDAP_BACK_CONN_TAINTED( mc ) ) {
+	if ( LDAP_BACK_CONN_TAINTED( mc ) || !LDAP_BACK_CONN_CACHED( mc ) ) {
 #if META_BACK_PRINT_CONNTREE > 0
 		meta_back_print_conntree( mi, ">>> meta_back_release_conn" );
 #endif /* META_BACK_PRINT_CONNTREE */
@@ -1698,7 +1699,7 @@ meta_back_release_conn_lock(
 				assert( !LDAP_BACK_CONN_CACHED( mc ) );
 			}
 
-		} else {
+		} else if ( LDAP_BACK_CONN_CACHED( mc ) ) {
 			metaconn_t	*tmpmc;
 
 			tmpmc = avl_delete( &mi->mi_conninfo.lai_tree,

tests/data/do_bind.0

@@ -2,5 +2,5 @@ cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
 bjensen
 cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
 bjorn
-cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
-jaj
+ou=People,dc=example,dc=com
++userPassword:(userPassword=*)

tests/data/slapd-meta-target1.conf

@@ -0,0 +1,60 @@
+# stand-alone slapd config -- for testing (with indexing)
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2007 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include		@SCHEMADIR@/core.schema
+include		@SCHEMADIR@/cosine.schema
+include		@SCHEMADIR@/inetorgperson.schema
+include		@SCHEMADIR@/openldap.schema
+include		@SCHEMADIR@/nis.schema
+include		@DATADIR@/test.schema
+
+#
+pidfile		@TESTDIR@/slapd.1.pid
+argsfile	@TESTDIR@/slapd.1.args
+
+# allow big PDUs from anonymous (for testing purposes)
+sockbuf_max_incoming 4194303
+
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
+#mod#moduleload	back_@BACKEND@.la
+#monitormod#modulepath ../servers/slapd/back-monitor/
+#monitormod#moduleload back_monitor.la
+
+#######################################################################
+# database definitions
+#######################################################################
+
+database	@BACKEND@
+suffix		"dc=example,dc=com"
+directory	@TESTDIR@/db.1.a
+rootdn		"cn=Manager,dc=example,dc=com"
+rootpw		secret
+#bdb#index		objectClass	eq
+#bdb#index		cn,sn,uid	pres,eq,sub
+#hdb#index		objectClass	eq
+#hdb#index		cn,sn,uid	pres,eq,sub
+
+# ITS#5154: force mixed success/failure of binds using same connection
+access to dn="cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,dc=example,dc=com"
+		attrs=userPassword
+	by * =r
+
+access to attrs=userPassword
+	by * =xr
+
+access to *
+	by * read
+
+#monitor#database	monitor

tests/scripts/defines.sh

@@ -114,7 +114,8 @@ SQLSRMASTERCONF=$DATADIR/slapd-sql-syncrepl-master.conf
 TRANSLUCENTLOCALCONF=$DATADIR/slapd-translucent-local.conf
 TRANSLUCENTREMOTECONF=$DATADIR/slapd-translucent-remote.conf
 METACONF=$DATADIR/slapd-meta.conf
-METACONF2=$DATADIR/slapd-meta2.conf
+METACONF1=$DATADIR/slapd-meta-target1.conf
+METACONF2=$DATADIR/slapd-meta-target2.conf
 GLUELDAPCONF=$DATADIR/slapd-glue-ldap.conf
 ACICONF=$DATADIR/slapd-aci.conf
 VALSORTCONF=$DATADIR/slapd-valsort.conf
@@ -241,8 +242,8 @@ BASEDN="dc=example,dc=com"
 MANAGERDN="cn=Manager,$BASEDN"
 UPDATEDN="cn=Replica,$BASEDN"
 PASSWD=secret
-BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,OU=People,$BASEDN"
-BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,OU=People,$BASEDN"
+BABSDN="cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,$BASEDN"
+BJORNSDN="cn=Bjorn Jensen,ou=Information Technology DivisioN,ou=People,$BASEDN"
 JAJDN="cn=James A Jones 1,ou=Alumni Association,ou=People,$BASEDN"
 JOHNDDN="cn=John Doe,ou=Information Technology Division,ou=People,$BASEDN"
 MELLIOTDN="cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN"

tests/scripts/test036-meta-concurrency

@@ -23,18 +23,6 @@ if test $BACKMETA = metano ; then
 	exit 0
 fi
 
-#### No longer experimental, IMHO
-###if test "x$TEST_META" = "xno" ; then
-###	echo '### Test disabled by "TEST_META=no"; unset TEST_META to re-enable'
-###	echo ""
-###	exit 0
-###else
-###	echo "### this test is experimental; in case of problems,"
-###	echo "### set \"TEST_META=no\" to disable, and report thru"
-###	echo "### the Issue Tracking System <http://www.openldap.org/its/>"
-###	echo ""
-###fi
-
 if test x$TESTLOOPS = x ; then
 	TESTLOOPS=50
 fi
@@ -60,7 +48,7 @@ if test "$BACKEND" = "bdb" || test "$BACKEND" = "hdb" ; then
 fi
 
 echo "Starting slapd on TCP/IP port $PORT1..."
-. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+. $CONFFILTER $BACKEND $MONITORDB < $METACONF1 > $CONF1
 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
 PID=$!
 if test $WAIT != 0 ; then